APR-02-04 12:25PM FROM-Fenwick & West Mountain View 



IN THE CLAIMS 

Claims 5, 17 and 29 are amended.

1. (Cancelled) 

2. (Cancelled) 

3. (Cancelled) 

4. (Cancelled) 

5. (Currently Amended) A computer-implemented system for protecting a network, comprising:
a vulnerability detection system (VDS) for gathering information about the network to determine vulnerabilities of a plurality of hosts on the network; and
an intrusion detection system (IDS) cooperative with the VDS, for examining network traffic responsive to the vulnerabilities of a host from the plurality of hosts as determined by the VDS to detect traffic indicative of malicious activity.

%: (Previously Presented) The system of claim $, wherein the VDS is adapted to gather information about the network by sending data to the plurality of hosts and receiving responsive data from the plurality of hosts.

r (Previously Presented) The system of claim^ wherein the VDS is adapted to gather information automatically provided by the plurality of hosts.

lr (Previously Presented) The system of claim £ further comprising:
a vulnerabilities rules database, in communication with the VDS, for storing rules describing vulnerabilities of the plurality of hosts,
wherein the VDS is adapted to analyze the gathered information with the rules to determine the vulnerabilities of the plurality of hosts.

y. (Previously Presented) The system of claim tf wherein the VDS is adapted to analyze the gathered information with the rules to identify operating systems on the plurality of hosts and determine the vulnerabilities responsive to the respective operating systems.

*K (Previously Presented) The system of claim «C wherein the VDS is adapted to analyze the gathered information with the rules to identify open ports on the plurality of hosts and determine the vulnerabilities based on the open ports.

» (Previously Presented) The system of claim* wherein the VDS is adapted to analyze the gathered information with the rules to identify applications executing on the plurality of hosts and determine the vulnerabilities based on the applications.

(Original) The system of claims further comprising:
an intrusion rules database, in communication with the IDS, for storing rules describing malicious activity,
wherein the IDS is adapted to analyze the network traffic with the rules to detect network traffic indicative of exploitations of the determined vulnerabilities.

t* (Original) The system of claim * wherein the IDS is adapted to detect traffic indicative of exploitations of only the determined vulnerabilities.

[r (Cancelled)

4 (Original) The system of claim ft wherein the VDS is adapted to update the determined vulnerabilities, and wherein the IDS is adapted to detect traffic indicative of malicious activity in response to the update.

X. (Original) The system of claim ^ wherein the VDS is adapted to update the determined vulnerabilities in response to a change in the network.

17. (Currently Amended) A computer-implemented method for protecting a network, comprising:
gathering information about the network to determine vulnerabilities of a plurality of hosts on the network; and
^P^th,. with A ^ f"""*™ ^formation, examining network traffic responsive to the determined vulnerabilities of a host from the plurality of hosts to detect network traffic indicative of malicious activity.

rf. (Previously Presented) The method of claim J< wherein gathering 
information comprises sending data to plurality of hosts on the network and receiving 
responsive data from the plurality of hosts. 

YS. (Previously Presented) The method of claim wherein gathering information comprises receiving data automatically provided by the plurality of hosts on the network.

2fc (Previously Presented) The method of claim YT, further comprising: 
storing rules to describe vulnerabilities of the plurality of hosts, 
wherein determining vulnerabilities includes analyzing the gathered 
information with the rules. 

Z£ (Previously Presented) The method of claim 2tf, wherein determining 

vulnerabilities comprises analyzing the gathered information with the rules to identify 
operating systems on the plurality of hosts. 

(Previously Presented) The method of claim 2CC wherein determining 
vulnerabilities comprises analyzing the gathered information with the rules to identify 
open ports on the plurality of hosts. 

V (Previously Presented) The method of claim arf wherein determining vulnerabilities comprises comparing the gathered information against the rules to identify applications on the plurality of hosts.



(Original) The method of claim Yf, further comprising:
storing rules describing malicious activity, 

wherein detecting network traffic indicative of malicious activity comprises 
analyzing the network traffic with the rules to detect traffic indicative 
of exploitations of the determined vulnerabilities. 

(Original) The method of claim rf, wherein examining network traffic
consists of detecting traffic indicative of exploitations of only the determined 
vulnerabilities. 



26. (Cancelled)

^r. (Previously Presented) The method of claim ^ further comprising:
updating the determined vulnerabilities and detecting traffic indicative of 
malicious activity in response to the update. 

2ST (Original) The method of claim 2>f, wherein the updating is responsive to a
change in the network. 

29. (Currently Amended) A computer program product, comprising:
a computer-readable medium having computer program logic embodied therein for protecting a network, the computer program logic:
gathering information about the network to determine vulnerabilities of a plurality of hosts on the network; and
^ r , a ^ with the V T nf r***"> infection, examining network traffic responsive to the determined vulnerabilities of a host from the plurality of hosts to detect network traffic indicative of malicious activity.

*6 (Previously Presented) The computer program product of claim 2ft wherein gathering information comprises sending data to plurality of hosts on the network and receiving responsive data from the plurality of hosts.

jtfT (Previously Presented) The computer program product of claim 2f, wherein gathering information comprises receiving data automatically provided by the plurality of hosts on the network.

(Previously Presented) The computer program product of claim 2* further comprising:
storing rules to describe vulnerabilities of the plurality of hosts,
wherein determining vulnerabilities includes analyzing the gathered information with the rules.

%. (Previously Presented) The computer program product of claim^ wherein determining vulnerabilities comprises analyzing the gathered information with the rules to identify operating systems on the plurality of hosts.

J* (Previously Presented) The computer program product of claim ST, wherein determining vulnerabilities comprises analyzing the gathered information with the rules to identify open ports on the plurality of hosts.

3* (Previously Presented) The computer program product of claim 32, wherein determining vulnerabilities comprises comparing the gathered information against the rules to identify applications on the plurality of hosts.

]fe (Original) The computer program product of claim^ further comprising:
storing rules describing malicious activity,
wherein detecting network traffic indicative of malicious activity comprises analyzing the network traffic with the rules to detect traffic indicative of exploitations of the determined vulnerabilities.

yf. (Original) The computer program product of claim ^ wherein examining

vulnerabilities,

38. (Cancelled)

# (Previously Presented) The computer program product of claim

comprising:
updating the determined vulnerabilities; and
detecting traffic indicative of malicious activity in response to the update.

^ (Previously Presented) The computer program product of claim 3< wherein the updating is responsive to a change in the network.